Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
2,808 Commits 1 Branch 0 Tags 15 MiB
457737b6cc
Commit Graph

122 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
12d897cd3e hvm: fix startup of HVM without Qubes Tools 
Do not pollute environment of calling process, otherwise all VMs started
from Qubes Manager afterwards will get QREXEC_STARTUP_NOWAIT, which
will cause wait_for_session not working.
 2014-04-01 01:07:57 +02:00
Marek Marczykowski-Górecki
2eaf649eed core: add simple 'run_service' function 2014-04-01 01:07:23 +02:00
Marek Marczykowski-Górecki
72d277c56b core: add QubesVm.get_prefmem (#788) 
Expose 'prefmem' property used by qmemman.
 2014-03-31 03:45:16 +02:00
Marek Marczykowski-Górecki
242590902a firewall: minor improvements 
Do not require ports specified in rule - useful for "any" protocol where
ports doesn't have sense.
 2014-03-28 02:55:35 +01:00
Marek Marczykowski-Górecki
e90e1c62ec proxyvm: add support for rules with expire time (#760) 2014-03-28 02:54:59 +01:00
Marek Marczykowski-Górecki
d1fbd9c59d proxyvm: use "conntrack" iptables module instead of deprecated "state" 2014-03-27 17:16:36 +01:00
Marek Marczykowski-Górecki
04f86c7059 core: use functions instead of evals for storing attributes to qubes.xml 2014-03-27 17:15:15 +01:00
Marek Marczykowski-Górecki
e9fe890acb core: rewrite "eval" to "func" attribute handlers 2014-03-26 04:41:28 +01:00
Marek Marczykowski-Górecki
5141aba741 core: support functions instead of evals in attribute config 
eval still supported, but once all the code will be converted to
functions, the support will be removed.
 2014-03-26 04:40:45 +01:00
Marek Marczykowski-Górecki
91428ebaa1 core: method to resize root.img (#699) 2014-03-21 18:43:13 +01:00
Marek Marczykowski-Górecki
9768b38ffc core: handle errors with xenstore access during VM shutdown 
When netvm and firewallvm is shut down, netvm handling code will
try to revoke firewallvm access to external IP. But if netvm shutdown
happens in the meantime, xenstore will throw ENOENT error.
 2014-03-13 18:32:13 +01:00
Marek Marczykowski-Górecki
840dc38730 core: do not mark DispVMs as included in backups 2014-03-10 04:29:59 +01:00
Marek Marczykowski-Górecki
09652cb0f8 core: store date of last backup for each VM 2014-03-10 04:29:14 +01:00
Marek Marczykowski-Górecki
c5e2ba03bd core: notify xenstored about domain resume 
Otherwise it will not fire further domain suspend/death watches against
this domain - so xl will not cleanup the domain.
 2014-03-05 03:39:49 +01:00
Marek Marczykowski-Górecki
f7b43d1f34 hvm: check for qrexec presence 2014-03-01 15:17:41 +01:00
Marek Marczykowski-Górecki
17e0a62a10 hvm: fix drive option parse 2014-03-01 15:17:17 +01:00
Marek Marczykowski-Górecki
9e3cd62d12 hvm: move 'drive' parameter *parsing* to property setter 2014-02-17 00:55:59 +01:00
Marek Marczykowski-Górecki
6fece6347f core: call xl destroy as root 
In case the VM has PCI devices, it need to access sysfs (as root).
 2014-02-16 11:15:06 +01:00
Marek Marczykowski-Górecki
1e2459c210 core: include 'default_user' in cloned attributes 2014-02-10 12:59:46 +01:00
Marek Marczykowski-Górecki
62457da085 Merge branch 'appicons' 2014-02-07 05:52:36 +01:00
Marek Marczykowski-Górecki
86d3e2f4dd core: Do not kill the VM when qrexec connect timed out (#790) 
In such case show an error to the user (via tray notification, not
dialog box!) and leave the VM in "transient" state. The user can wait
some more time for VM startup, check what VM is doing, or kill it
manually.
 2014-02-05 03:31:36 +01:00
Marek Marczykowski-Górecki
f4a2fcc8ae core: remove dead "xm console" code 2014-02-05 03:31:32 +01:00
Marek Marczykowski-Górecki
d25482ad29 Add one more method to get system timezone 
Some programs (like KDE system settings) makes /etc/localtime hardlink
instead of symlink. Handle this case. Hopefully there will be less and
less such applications...
 2014-01-23 02:33:05 +01:00
Marek Marczykowski-Górecki
4ea600c8d3 core/proxyvm: allow TCP traffic to DNS servers 
Some DNS queries requires TCP - namely those with response not fitting
in 512 bytes.
 2014-01-21 04:45:41 +01:00
Marek Marczykowski-Górecki
8dda7cf884 core: improve VM name validation 
Do not allow 'special' names.
 2014-01-21 00:41:01 +01:00
Wojciech Porczyk
962d3da42e
appicons 
labels need to be specified with colour code
also fixed duplicate QubesDispVmLabels
 2014-01-11 00:07:55 +01:00
Marek Marczykowski-Górecki
5f38ff916a hvm: one more fix for start() return value 2013-12-19 13:46:30 +01:00
Marek Marczykowski-Górecki
cdd031cea5 hvm: fix return value of vm.start() 2013-12-17 23:59:05 +01:00
Olivier MEDOC
2576e5000e hvm: copy template private.img during hvm creation if hvm is template based 2013-12-14 03:58:01 +01:00
Marek Marczykowski-Górecki
73c38d8d1c hvm: propagate qrexec/guiagent setting from template 
Do it only in one way - i.e. support the situation where template
doesn't have tools installed, but child VM does.
 2013-12-13 22:47:20 +01:00
Marek Marczykowski-Górecki
e4d6be3a4b hvm: start guid for HVM without guiagent installed 
This is fix for commit "ebf0a27 hvm: start fullscreen guid only if no
guiagent installed or in debug mode"
 2013-12-09 19:10:25 +01:00
Marek Marczykowski-Górecki
ebf0a275a1 hvm: start fullscreen guid only if no guiagent installed or in debug mode 2013-12-06 06:35:30 +01:00
Marek Marczykowski-Górecki
76aa93e94b hvm: start stubdom guid regardless of guiagent_installed (#60 pro) 
Alway start stubdom guid, then if guiagent_installed set - start the
target one and when connects, kill stubdom one. This allow the user to
see startup messages so prevent the impression of hang VM.

Note 1: this doesn't work when VM disables SVGA output (just after
windows boot splash screen).
Note 2: gui-daemon sometimes hangs after receiving SIGTERM (libvchan_wait
during libvchan_close). This looks to be stubdom gui agent problem.
 2013-12-03 06:18:23 +01:00
Marek Marczykowski-Górecki
4ce3acd64d hvm: always use qrexec for clipboard operations 
This is temporary solution until Windows GUI agent will handle
MSG_CLIPBOARD_* commands.

Also fix code style - wrap long lines
 2013-12-02 03:47:49 +01:00
Marek Marczykowski-Górecki
27f6f0e64e Merge branch 'new-backups' 
Conflicts:
	core-modules/000QubesVm.py
 2013-11-29 04:00:58 +01:00
Marek Marczykowski-Górecki
b73970c62d core: rename QubesDom0NetVm to QubesAdminVm 
This is somehow related to #757, but only first (easier) step. Actual
change of QubesAdminVm base class requires somehow more changes, for
example qvm-ls needs to know how to display this type of VM (none of
template, appvm, netvm).

Make this first step change now, because starting with R2Beta3 dom0 will
be stored in qubes.xml (for new backups purposes) so this rename would
be complicated later.
 2013-11-29 03:42:56 +01:00
Marek Marczykowski-Górecki
3c99ac1d07 Performance optimization regarding xenstore access 
Reduce number of xenstore access during checking current domain XID.
 2013-11-26 20:16:10 +01:00
Marek Marczykowski-Górecki
dc55720738 core: QubesTemplateHVm.is_appvm = False 2013-11-25 07:22:21 +01:00
Marek Marczykowski-Górecki
09393734a3 core: refuse to set template for standalone VM 2013-11-25 07:18:01 +01:00
Marek Marczykowski-Górecki
5033b53543 core: split HVM template into separate class 2013-11-25 07:18:01 +01:00
Marek Marczykowski-Górecki
dc6fd3c8f3 core: store dom0 info in qubes.xml 
At least to have there info about its backup.
 2013-11-24 23:50:39 +01:00
Marek Marczykowski-Górecki
1b83e5c687 hvm: default to template's MAC in MAC auto mode (#755) 2013-11-21 14:49:42 +01:00
Marek Marczykowski-Górecki
aeb83d1a45 hvm: do not reset root.img to template state when debug mode enabled 2013-11-21 04:36:53 +01:00
Marek Marczykowski-Górecki
a457b62728 core: more flexible mechanism for template compatibility check 
Using class method allow the users (Qubes Manager at least) to check
for compatibility without having any particular VM instance - useful
while creating the VM.
 2013-11-21 03:42:31 +01:00
Marek Marczykowski-Górecki
efeb284ab1 core: do not call resize2fs on private.img in dom0 
Do not parse VM data (filesystem metadata in this case) in dom0, as this
expose dom0 for potential attack.
 2013-11-21 03:38:12 +01:00
Marek Marczykowski-Górecki
6fddae3b9b Support for autostart VMs (#724) 2013-11-20 02:57:17 +01:00
Marek Marczykowski-Górecki
2005207462 Template support for HVM (#719) 
Any HVM (which isn't already template-based) can be a template for
another HVM. For now do not allow simultaneous run of template and its
VM (this assumption simplify the implementation, as no root-cow.img is
needed).
 2013-11-19 18:42:59 +01:00
Marek Marczykowski-Górecki
4090fdf758 QubesHVm: restore private.img support 2013-11-19 18:35:10 +01:00
Marek Marczykowski-Górecki
1315bdec87 QubesHVm: fix copy&paste error 2013-11-19 18:33:35 +01:00
Marek Marczykowski-Górecki
b3c127091d hvm: check for HVM capability on host when failed to start the VM 2013-11-09 23:48:49 +01:00
Marek Marczykowski-Górecki
a9a8335403 Merge remote-tracking branch 'oliv/master' into new-backups 
Conflicts:
	core/qubesutils.py
	dom0/qvm-core/qubes.py
 2013-11-07 22:41:16 +01:00
Marek Marczykowski-Górecki
c52059a23e core: unify handling dom0 case in --cdrom option 2013-11-01 02:25:22 +01:00
Marek Marczykowski-Górecki
55b4c6b6d1 missing import once again 2013-11-01 02:25:04 +01:00
Marek Marczykowski-Górecki
e2c43d2292 Allow HVM to notify dom0 about tools installation 
HVM can set some xenstore entries (in qubes-tools/ subtree) to pass
informations about installed tools to dom0. qubes.NotifyTools service
triggers update of VM properties (like qrexec_installed).
This way, after installation of Qubes Windows Tools, the user doesn't need
to change any VM settings to use the tools.
 2013-10-28 05:09:54 +01:00
Marek Marczykowski-Górecki
495a24a2e7 core/HVM: always start qrexec daemon 
If not marked as installed, start it in background - waiting for
possible Qubes Tools installation. If that happens, make it possible to
tell the dom0 about that fact.
 2013-10-28 05:08:28 +01:00
Marek Marczykowski-Górecki
3df9719972 core: add missing import 2013-10-27 16:09:16 +01:00
Marek Marczykowski-Górecki
dfe0b18382 core: call ACPI S3 emulation only for VMs with PCI devices 
Actually it looks to be needed only there.
But also another problem: this suspend doesn't work for firewallvm, for
unknown reason.
 2013-10-24 04:10:07 +02:00
Marek Marczykowski-Górecki
149971ae2e core: add methods to trigger ACPI S3 of VM 
Those methods should be called during dom0 suspend/resume.
 2013-10-23 21:56:50 +02:00
Marek Marczykowski
5e0d8c1155 Pass domain name to qrexec daemon 2013-10-18 03:39:02 +02:00
Marek Marczykowski-Górecki
41ba079eb8 Force the first character of VM name to be a letter 
Especially don't allow numeric-only name (our deserializer of qubes.xml
will convert it to int instead of str...).
 2013-10-08 22:47:56 +02:00
Marek Marczykowski-Górecki
5da7a520c4 core: move pci_add/pci_remove to QubesVM, add support for live add/remove (#708) 
This additionally requires qubes.DetachPciDevice service in VM.
 2013-09-01 01:26:43 +02:00
Marek Marczykowski
19982da9d2 QubesVm: drop evals already covered by generic deserializer 2013-08-13 00:33:54 +02:00
Marek Marczykowski
28b8eb0445 Send monitor layout at VM startup. 
Gui daemon isn't aware of multihead parameters, also gui protocol
doesn't support such information - currently by design it is configured
via Qubes RPC service.
At GUI startup send monitor layout to the VM.
 2013-08-11 04:11:34 +02:00
Marek Marczykowski
c8b3009b4f One more missing import 2013-06-07 05:40:13 +02:00
Marek Marczykowski
a1e9e3bf1a Fix domain clone/rename 2013-05-25 22:18:37 +02:00
Marek Marczykowski
48098accc5 core: fix datetime handling with new imports 
Now it is 'import datetime', not 'from datetime import datetime', so use
explicit datetime class from datetime module.
 2013-03-26 02:15:34 +01:00
Marek Marczykowski
59d36cfb69 Missing imports... 2013-03-26 01:28:39 +01:00
Marek Marczykowski
b0ec7c7b01 Missing import 2013-03-25 16:28:55 +01:00
Marek Marczykowski
f7d868bff8 Missing imports once again... 2013-03-19 13:36:35 +01:00
Marek Marczykowski
11243a51d3 QubesHVm: add missing imports again 2013-03-18 02:24:32 +01:00
Marek Marczykowski
4dea00349a QubesHVm: add missing imports 2013-03-16 20:07:11 +01:00
Marek Marczykowski
a84886db07 Move all files one level up 2013-03-16 19:56:51 +01:00